   1. "DoD Basic Security Option" (IP option type 130): Defined for use on U.S. Department of Defense common user data networks. Identifies the Defense classification level at which the datagram is to be protected and the protection authorities whose rules apply to the datagram. [R1108] A "protection authority" is a National Access Program (e.g., GENSER, SIOP-ESI, SCI, NSA, Department of Energy) or Special Access Program that specifies protection rules for transmission and processing of the information contained in the datagram. [R1108]

   2. "DoD Extended Security Option" (IP option type 133): Permits additional security labeling information, beyond that present in the Basic Security Option, to be supplied in the datagram to meet the needs of registered authorities. [R1108]

   3. "Common IP Security Option" (CIPSO) (IP option type 134): Designed by TSIG to carry hierarchic and non-hierarchic security labels. (Formerly called "Commercial IP Security Option".) Was published as Internet-Draft [CIPSO]; not advanced to RFC.

   $ Internet Protocol Suite
      See: (secondary definition under) Internet.

   $ Internet Security Association and Key Management Protocol (ISAKMP)
      (I) An Internet IPsec protocol [R2408] to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism.
      (C) ISAKMP supports negotiation of security associations for protocols at all TCP/IP layers. By centralizing management of security associations, ISAKMP reduces duplicated functionality within each protocol. ISAKMP can also reduce connection setup time, by negotiating a whole stack of services at once. Strong authentication is required on ISAKMP exchanges, and a digital signature algorithm based on asymmetric cryptography is used within ISAKMP's authentication component.
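   As an added example (not part of the glossary), the following parser and encoder handle the DoD Basic Security Option (type 130) described in item 1 above, rejecting malformed labels so that a label-enforcing router drops the datagram instead of guessing. The byte layout and the classification and protection-authority codes are taken from RFC 1108 [R1108]; the sample option bytes are constructed for the example.

```python
from dataclasses import dataclass

IPSO_BASIC = 130  # option type of the DoD Basic Security Option [R1108]

# Classification level codes from RFC 1108; the bit patterns are spaced so
# that a few flipped bits yield an unassigned (hence rejected) code.
CLASSIFICATION_CODES = {
    0x3D: "Top Secret",
    0x5A: "Secret",
    0x96: "Confidential",
    0xAB: "Unclassified",
}

# Protection authority flags in the first flag octet (RFC 1108 numbers bit 0
# as the most significant bit). The least significant bit of every flag
# octet is a continuation indicator: 1 = another octet follows, 0 = last.
AUTHORITY_BITS = {
    0x80: "GENSER",
    0x40: "SIOP-ESI",
    0x20: "SCI",
    0x10: "NSA",
    0x08: "DOE",
}


class IPSOError(ValueError):
    """Malformed option: the datagram's label cannot be trusted."""


@dataclass(frozen=True)
class BasicSecurityOption:
    classification: str
    authorities: tuple


def parse_basic_security_option(option: bytes) -> BasicSecurityOption:
    """Parse type/length/classification/authority-flags; raise on any defect."""
    if len(option) < 3:
        raise IPSOError("option shorter than the minimum length of 3")
    opt_type, opt_len = option[0], option[1]
    if opt_type != IPSO_BASIC:
        raise IPSOError(f"not a Basic Security Option (type {opt_type})")
    if opt_len < 3 or opt_len > len(option):
        raise IPSOError(f"bad option length {opt_len}")
    level = option[2]
    if level not in CLASSIFICATION_CODES:
        raise IPSOError(f"unassigned classification code 0x{level:02x}")

    authorities = []
    pos = 3
    terminated = opt_len == 3  # a length-3 option carries no authority octets
    while not terminated:
        if pos >= opt_len:
            raise IPSOError("protection authority field not terminated")
        octet = option[pos]
        if pos == 3:  # only the first flag octet carries assigned authorities
            authorities.extend(name for bit, name in AUTHORITY_BITS.items()
                               if octet & bit)
        terminated = not (octet & 0x01)
        pos += 1
    if pos != opt_len:
        raise IPSOError("bytes remain after the terminated authority field")
    return BasicSecurityOption(CLASSIFICATION_CODES[level], tuple(authorities))


def encode_basic_security_option(classification: str, authorities=()) -> bytes:
    """Build a single-flag-octet option (continuation bit clear)."""
    codes_by_name = {name: code for code, name in CLASSIFICATION_CODES.items()}
    flags = 0
    for bit, name in AUTHORITY_BITS.items():
        if name in authorities:
            flags |= bit
    return bytes([IPSO_BASIC, 4, codes_by_name[classification], flags])


if __name__ == "__main__":
    # Constructed sample: Secret, protected under GENSER and SIOP-ESI rules.
    sample = bytes([IPSO_BASIC, 4, 0x5A, 0xC0])
    print(parse_basic_security_option(sample))
```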
   $ Internet Society (ISOC)
      (I) A professional society concerned with Internet development (including technical Internet Standards); with how the Internet is and can be used; and with social, political, and technical issues that result. The ISOC Board of Trustees approves appointments to the IAB from among nominees submitted by the IETF nominating committee. [R2026]

   $ Internet Standard
      (I) A specification, approved by the IESG and published as an RFC, that is stable and well-understood, is technically competent, has multiple, independent, and interoperable implementations with substantial operational experience, enjoys significant public support, and is recognizably useful in some or all parts of the Internet. [R2026] (See: RFC.)
      (C) The Internet Standards Process is an activity of the ISOC and is organized and managed by the IAB and the IESG. The process is concerned with all protocols, procedures, and conventions used in or by the Internet, whether or not they are part of the Internet Protocol Suite. The "Internet Standards Track" has three levels of increasing maturity: Proposed Standard, Draft Standard, and Standard. (See: (standards levels under) ISO.)

   $ Internet Standards document (ISD)
      (C) In this Glossary, this term refers to an RFC, Internet-Draft, or other item that is produced as part of the Internet Standards Process [R2026]. However, neither the term nor the abbreviation is widely accepted and, therefore, SHOULD NOT be used in an ISD unless it is accompanied by an explanation like this. (See: Internet Standard.)

   $ internet vs. Internet
      1. (I) Not capitalized: A popular abbreviation for "internetwork".
      2. (I) Capitalized: "The Internet" is the single, interconnected, worldwide system of commercial, government, educational, and other computer networks that share the set of protocols specified by the IAB [R2026] and the name and address spaces managed by the ICANN.
      (C) The protocol set is named the "Internet Protocol Suite". It also is popularly known as "TCP/IP", because TCP and IP are two of its fundamental components. These protocols enable a user of any one of the networks in the Internet to communicate with, or use services located on, any of the other networks.
      (C) Although the Internet does have architectural principles [R1958], no Internet Standard formally defines a layered reference model for the IPS that is similar to the OSIRM. However, Internet community documents do refer (inconsistently) to layers: application, socket, transport, internetwork, network, data link, and physical. In this Glossary, Internet layers are referred to by name to avoid confusing them with OSIRM layers, which are referred to by number.

   $ internetwork
      (I) A system of interconnected networks; a network of networks. Usually shortened to "internet". (See: internet vs. Internet.)
      (C) An internet is usually built using OSI layer 3 gateways to connect a set of subnetworks. When the subnetworks differ in the OSI layer 3 protocol service they provide, the gateways sometimes implement a uniform internetwork protocol (e.g., IP) that operates at the top of layer 3 and hides the underlying heterogeneity from hosts that use communication services provided by the internet. (See: router.)

   $ intranet
      (I) A computer network, especially one based on Internet technology, that an organization uses for its own internal, and usually private, purposes and that is closed to outsiders. (See: extranet, virtual private network.)

   $ intruder
      (I) An entity that gains or attempts to gain access to a system or system resource without having authorization to do so. (See: cracker.)

   $ intrusion
      See: security intrusion.

   $ intrusion detection
      (I) A security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner.

   $ invalidity date
      (N) An X.509 CRL entry extension that "indicates the date at which it is known or suspected that the [revoked certificate's private key] was compromised or that the certificate should otherwise be considered invalid" [X509].
      (C) This date may be earlier than the revocation date in the CRL entry, and may even be earlier than the date of issue of earlier CRLs. However, the invalidity date is not, by itself, sufficient for purposes of non-repudiation service. For example, to fraudulently repudiate a validly-generated signature, a private key holder may falsely claim that the key was compromised at some time in the past.

   $ IP
      See: Internet Protocol.

   $ IP address
      (I) A computer's internetwork address that is assigned for use by the Internet Protocol and other protocols.
      (C) An IP version 4 [R0791] address is written as a series of four 8-bit numbers separated by periods. For example, the address of the host named "rosslyn.bbn.com" is 192.1.7.10.
      (C) An IP version 6 [R2373] address is written as x:x:x:x:x:x:x:x, where each "x" is the hexadecimal value of one of the eight 16-bit parts of the address. For example, 1080:0:0:0:8:800:200C:417A and FEDC:BA98:7654:3210:FEDC:BA98:7654:3210.

   $ IP Security Option
      See: Internet Protocol Security Option.

   $ IPRA
      See: Internet Policy Registration Authority.

   $ IPsec
      See: Internet Protocol security.

   $ IPsec Key Exchange (IKE)
      (I) An Internet, IPsec, key-establishment protocol [R2409] (partly based on OAKLEY) that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations, such as in AH and ESP.

   $ IPSO
      See: Internet Protocol Security Option.

   $ ISAKMP
      See: Internet Security Association and Key Management Protocol.

   $ ISD
      See: Internet Standards document.

   $ ISO
      (I) International Organization for Standardization, a voluntary, non-treaty, non-government organization, established in 1947, with voting members that are designated standards bodies of participating nations and non-voting observer organizations. (See: ANSI, ITU-T.)
      (C) Legally, ISO is a Swiss, non-profit, private organization. ISO and the IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in developing international standards through ISO and IEC technical committees that deal with particular fields of activity. Other international governmental and non-governmental organizations, in liaison with ISO and IEC, also take part. (ANSI is the U.S. voting member of ISO. ISO is a class D member of ITU-T.)
      (C) The ISO standards development process has four levels of increasing maturity: Working Draft (WD), Committee Draft (CD), Draft International Standard (DIS), and International Standard (IS). (See: (standards track levels under) Internet Standard.) In information technology, ISO and IEC have a joint technical committee, ISO/IEC JTC 1. DISs adopted by JTC 1 are circulated to national bodies for voting, and publication as an IS requires approval by at least 75% of the national bodies casting a vote.

   $ ISOC
      See: Internet Society.

   $ issue (a digital certificate or CRL)
      (I) Generate and sign a digital certificate (or CRL) and, usually, distribute it and make it available to potential certificate users (or CRL users). (See: certificate creation.)
      (C) The ABA Guidelines [ABA] explicitly limit this term to certificate creation, and exclude the act of publishing. In general usage, however, "issuing" a digital certificate (or CRL) includes not only certificate creation but also making it available to potential users, such as by storing it in a repository or other directory or otherwise publishing it.

   $ issuer
      1. (I) "Issuer" of a certificate or CRL: The CA that signs the digital certificate or CRL.
      (C) An X.509 certificate always includes the issuer's name. The name may include a common name value.
      2. (N) "Issuer" of a payment card: SET usage: "The financial institution or its agent that issues the unique primary account number to the cardholder for the payment card brand." [SET2]
      (C) The institution that establishes the account for a cardholder and issues the payment card also guarantees payment for authorized transactions that use the card in accordance with card brand regulations and local legislation. [SET1]

   $ ITAR
      See: International Traffic in Arms Regulations.

   $ ITSEC
      See: Information Technology System Evaluation Criteria.

   $ ITU-T
      (N) International Telecommunications Union, Telecommunication Standardization Sector (formerly "CCITT"), a United Nations treaty organization that is composed mainly of postal, telephone, and telegraph authorities of the member countries and that publishes standards called "Recommendations". (See: X.400, X.500.)
      (C) The Department of State represents the United States. ITU-T works on many kinds of communication systems. ITU-T cooperates with ISO on communication protocol standards, and many Recommendations in that area are also published as an ISO standard with an ISO name and number.

   $ IV
      See: initialization value.

   $ KDC
      See: Key Distribution Center.

   $ KEA
      See: Key Exchange Algorithm.

   $ KEK
      See: key-encrypting key.

   $ Kerberos
      (N) A system developed at the Massachusetts Institute of Technology that depends on passwords and symmetric cryptography (DES) to implement ticket-based, peer entity authentication service and access control service distributed in a client-server network environment. [R1510, Stei]
      (C) Kerberos was developed by Project Athena and is named for the three-headed dog guarding Hades.

   $ key
      See: cryptographic key.
   $ key agreement (algorithm or protocol)
      (I) A key establishment method (especially one involving asymmetric cryptography) by which two or more entities, without prior arrangement except a public exchange of data (such as public keys), each computes the same key value. I.e., each can independently generate the same key value, but that key cannot be computed by other entities. (See: Diffie-Hellman, key establishment, Key Exchange Algorithm, key transport.)
      (O) "A method for negotiating a key value on line without transferring the key, even in an encrypted form, e.g., the Diffie-Hellman technique." [X509]
      (O) "The procedure whereby two different parties generate shared symmetric keys such that any of the shared symmetric keys is a function of the information contributed by all legitimate participants, so that no party [alone] can predetermine the value of the key." [A9042]
      (C) For example, a message originator and the intended recipient can each use their own private key and the other's public key with the Diffie-Hellman algorithm to first compute a shared secret value and, from that value, derive a session key to encrypt the message.

   $ key authentication
      (N) "The assurance of the legitimate participants in a key agreement that no non-legitimate party possesses the shared symmetric key." [A9042]

   $ key center
      (I) A centralized key distribution process (used in symmetric cryptography), usually a separate computer system, that uses key-encrypting keys (master keys) to encrypt and distribute session keys needed in a community of users.
      (C) An ANSI standard [A9017] defines two types of key center: key distribution center and key translation center.

   $ key confirmation
      (N) "The assurance of the legitimate participants in a key establishment protocol that the intended parties sharing the symmetric key actually possess the shared symmetric key." [A9042]

   $ key distribution
      (I) A process that delivers a cryptographic key from the location where it is generated to the locations where it is used in a cryptographic algorithm. (See: key management.)
   $ key distribution center (KDC)
      (I) A type of key center (used in symmetric cryptography) that implements a key distribution protocol to provide keys (usually, session keys) to two (or more) entities that wish to communicate securely. (See: key translation center.)
      (C) A KDC distributes keys to Alice and Bob, who (a) wish to communicate with each other but do not currently share keys, (b) each share a KEK with the KDC, and (c) may not be able to generate or acquire keys by themselves. Alice requests the keys from the KDC. The KDC generates or acquires the keys and makes two identical sets. The KDC encrypts one set in the KEK it shares with Alice, and sends that encrypted set to Alice. The KDC encrypts the second set in the KEK it shares with Bob, and either sends that encrypted set to Alice for her to forward to Bob, or sends it directly to Bob (although the latter option is not supported in the ANSI standard [A9017]).

   $ key encapsulation
      See: (secondary definition under) key recovery.

   $ key-encrypting key (KEK)
      (I) A cryptographic key that is used to encrypt other keys, either DEKs or other KEKs, but usually is not used to encrypt application data.

   $ key escrow
      See: (secondary definition under) key recovery.

   $ key establishment (algorithm or protocol)
      (I) A process that combines the key generation and key distribution steps needed to set up or install a secure communication association. (See: key agreement, key transport.)
      (O) "The procedure to share a symmetric key among different parties by either key agreement or key transport." [A9042]
      (C) Key establishment involves either key agreement or key transport:
      - Key transport: One entity generates a secret key and securely sends it to the other entity. (Or each entity generates a secret value and securely sends it to the other entity, where the two values are combined to form a secret key.)
      - Key agreement: No secret is sent from one entity to another. Instead, both entities, without prior arrangement except a public exchange of data, compute the same secret value. I.e., each can independently generate the same value, but that value cannot be computed by other entities.

   $ Key Exchange Algorithm (KEA)
      (N) A key agreement algorithm [NIST] that is similar to the Diffie-Hellman algorithm, uses 1024-bit asymmetric keys, and was developed and formerly classified at the "Secret" level by NSA. (See: CAPSTONE, CLIPPER, FORTEZZA, SKIPJACK.)
      (C) On 23 June 1998, the NSA announced that KEA had been declassified.

   $ key generation
      (I) A process that creates the sequence of symbols that comprise a cryptographic key. (See: key management.)

   $ key generator
      1. (I) An algorithm that uses mathematical rules to deterministically produce a pseudo-random sequence of cryptographic key values.
      2. (I) An encryption device that incorporates a key generation mechanism and applies the key to plaintext (e.g., by exclusive OR-ing the key bit string with the plaintext bit string) to produce ciphertext.

   $ key length
      (I) The number of symbols (usually bits) needed to be able to represent any of the possible values of a cryptographic key. (See: key space.)

   $ key lifetime
      (N) MISSI usage: An attribute of a MISSI key pair that specifies a time span that bounds the validity period of any MISSI X.509 public-key certificate that contains the public component of the pair. (See: cryptoperiod.)

   $ key management
      (I) The process of handling and controlling cryptographic keys and related material (such as initialization values) during their life cycle in a cryptographic system, including ordering, generating, distributing, storing, loading, escrowing, archiving, auditing, and destroying the material. (See: key distribution, key escrow, keying material, public-key infrastructure.)
      (O) "The generation, storage, distribution, deletion, archiving and application of keys in accordance with a security policy." [I7498 Part 2]
      (O) "The activities involving the handling of cryptographic keys and other related security parameters (e.g., IVs, counters) during the entire life cycle of the keys, including their generation, storage, distribution, entry and use, deletion or destruction, and archiving." [FP140]

   $ Key Management Protocol (KMP)
      (N) A protocol to establish a shared symmetric key between a pair (or a group) of users. (One version of KMP was developed by SDNS, and another by SILS.)

   $ key material identifier (KMID)
      (N) MISSI usage: A 64-bit identifier that is assigned to a key pair when the public key is bound in a MISSI X.509 public-key certificate.

   $ key pair
      (I) A set of mathematically related keys--a public key and a private key--that are used for asymmetric cryptography and are generated in a way that makes it computationally infeasible to derive the private key from knowledge of the public key (e.g., see: Diffie-Hellman, Rivest-Shamir-Adleman).
      (C) A key pair's owner discloses the public key to other system entities so they can use the key to encrypt data, verify a digital signature, compute a protected checksum, or generate a key in a key agreement algorithm. The matching private key is kept secret by the owner, who uses it to decrypt data, generate a digital signature, verify a protected checksum, or generate a key in a key agreement algorithm.

   $ key recovery
      1. (I) A process for learning the value of a cryptographic key that was previously used to perform some cryptographic operation. (See: cryptanalysis.)
      2. (I) Techniques that provide an intentional, alternate (i.e., secondary) means to access the key used for data confidentiality service in an encrypted association. [DOD4]
      (C) We assume that the encryption mechanism has a primary means of obtaining the key through a key establishment algorithm or protocol. For the secondary means, there are two classes of key recovery techniques--key escrow and key encapsulation:
      - "Key escrow": A key recovery technique for storing knowledge of a cryptographic key or parts thereof in the custody of one or more third parties called "escrow agents", so that the key can be recovered and used in specified circumstances. Key escrow is typically implemented with split knowledge techniques. For example, the Escrowed Encryption Standard [FP185] entrusts two components of a device-unique split key to separate escrow agents. The agents provide the components only to someone legally authorized to conduct electronic surveillance of telecommunications encrypted by that specific device. The components are used to reconstruct the device-unique key, and it is used to obtain the session key needed to decrypt communications.
      - "Key encapsulation": A key recovery technique for storing knowledge of a cryptographic key by encrypting it with another key and ensuring that only certain third parties called "recovery agents" can perform the decryption operation to retrieve the stored key. Key encapsulation typically allows direct retrieval of the secret key used to provide data confidentiality.

   $ key space
      (I) The range of possible values of a cryptographic key; or the number of distinct transformations supported by a particular cryptographic algorithm. (See: key length.)

   $ key translation center
      (I) A type of key center (used in symmetric cryptography) that implements a key distribution protocol to convey keys between two (or more) parties who wish to communicate securely. (See: key distribution center.)
      (C) A key translation center translates keys for future communication between Bob and Alice, who (a) wish to communicate with each other but do not currently share keys, (b) each share a KEK with the center, and (c) have the ability to generate or acquire keys by themselves. Alice generates or acquires a set of keys for communication with Bob. Alice encrypts the set in the KEK she shares with the center and sends the encrypted set to the center. The center decrypts the set, reencrypts the set in the KEK it shares with Bob, and either sends that encrypted set to Alice for her to forward to Bob, or sends it directly to Bob (although direct distribution is not supported in the ANSI standard [A9017]).
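   As an added example (not from the glossary or from [A9017]), the following simulation contrasts the two key center roles defined above: in KDC mode the center generates the session key and wraps it under each party's KEK, while in key translation mode Alice generates the key and the center only re-wraps it for Bob. The key-wrapping primitive is a stand-in built from HMAC-SHA256 (keystream plus integrity tag), not the wrapping algorithm of the ANSI standard; party names and KEK sizes are constructed for the example.

```python
import hashlib
import hmac
import os

TAG_LEN = 32
NONCE_LEN = 16


def _keystream(kek: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived from the KEK (stand-in for a real cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        block_input = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(kek, block_input, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap_key(kek: bytes, key: bytes) -> bytes:
    """Encrypt a key under a KEK and append an integrity tag (encrypt-then-MAC)."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(key, _keystream(kek, nonce, len(key))))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_key(kek: bytes, blob: bytes) -> bytes:
    """Reverse wrap_key; a wrong KEK or a modified blob fails the tag check."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrapped key failed integrity check (wrong KEK or tampered)")
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, nonce, len(ct))))


class KeyCenter:
    """Holds the KEK that each enrolled party shares with the center."""

    def __init__(self):
        self.keks = {}

    def enroll(self, name: str, kek: bytes):
        self.keks[name] = kek

    def distribute(self, requester: str, peer: str, nbytes: int = 16):
        """KDC mode: the center generates the session key and makes two sets."""
        session_key = os.urandom(nbytes)
        return (wrap_key(self.keks[requester], session_key),
                wrap_key(self.keks[peer], session_key))

    def translate(self, requester: str, peer: str, wrapped_for_requester: bytes):
        """Translation mode: re-wrap a requester-generated key for the peer."""
        session_key = unwrap_key(self.keks[requester], wrapped_for_requester)
        return wrap_key(self.keks[peer], session_key)


def _enrolled_center():
    alice_kek, bob_kek = os.urandom(32), os.urandom(32)
    center = KeyCenter()
    center.enroll("alice", alice_kek)
    center.enroll("bob", bob_kek)
    return center, alice_kek, bob_kek


def kdc_scenario() -> bool:
    """Alice asks the KDC for keys; Bob's set travels via Alice. True if both agree."""
    center, alice_kek, bob_kek = _enrolled_center()
    for_alice, for_bob = center.distribute("alice", "bob")
    return unwrap_key(alice_kek, for_alice) == unwrap_key(bob_kek, for_bob)


def translation_scenario() -> bool:
    """Alice generates the key herself; the center translates it for Bob."""
    center, alice_kek, bob_kek = _enrolled_center()
    session_key = os.urandom(16)
    for_bob = center.translate("alice", "bob", wrap_key(alice_kek, session_key))
    return unwrap_key(bob_kek, for_bob) == session_key


def tamper_is_detected() -> bool:
    """A single flipped ciphertext bit in transit must be rejected, not unwrapped."""
    kek = os.urandom(32)
    blob = bytearray(wrap_key(kek, os.urandom(16)))
    blob[NONCE_LEN + 3] ^= 0x01
    try:
        unwrap_key(kek, bytes(blob))
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print("KDC:", kdc_scenario(), "translation:", translation_scenario(),
          "tamper detected:", tamper_is_detected())
```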
   $ key transport (algorithm or protocol)
      (I) A key establishment method by which a secret key is generated by one entity in a communication association and securely sent to another entity in the association. (See: key agreement.)
      (O) "The procedure to send a symmetric key from one party to other parties. As a result, all legitimate participants share a common symmetric key in such a way that the symmetric key is determined entirely by one party." [A9042]
      (C) For example, a message originator can generate a random session key and then use the Rivest-Shamir-Adleman algorithm to encrypt that key with the public key of the intended recipient.

   $ key update
      (I) Derive a new key from an existing key. (See: certificate rekey.)

   $ key validation
      (N) "The procedure for the receiver of a public key to check that the key conforms to the arithmetic requirements for such a key in order to thwart certain types of attacks." [A9042]

   $ keyed hash
      (I) A cryptographic hash (e.g., [R1828]) in which the mapping to a hash result is varied by a second input parameter that is a cryptographic key. (See: checksum.)
      (C) If the input data object is changed, a new hash result cannot be correctly computed without knowledge of the secret key. Thus, the secret key protects the hash result so it can be used as a checksum even when there is a threat of an active attack on the data. There are at least two forms of keyed hash:
      - A function based on a keyed encryption algorithm. (E.g., see: Data Authentication Code.)
      - A function based on a keyless hash that is enhanced by combining (e.g., by concatenating) the input data object parameter with a key parameter before mapping to the hash result. (E.g., see: HMAC.)

   $ keying material
      (I) Data (such as keys, key pairs, and initialization values) needed to establish and maintain a cryptographic security association.
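   As an added example (not from the glossary), the second form of keyed hash described above is shown as the HMAC construction: the key is combined with the data through inner and outer hash passes, and the result is checked with a constant-time comparison so that a modified data object is rejected. The reference comparison against Python's hmac module and the sample messages are constructed for the example.

```python
import hashlib
import hmac


def keyed_hash(key: bytes, data: bytes, hash_fn=hashlib.sha256) -> bytes:
    """HMAC over `data`: H((K ^ opad) || H((K ^ ipad) || data))."""
    block_size = hash_fn().block_size          # 64 bytes for MD5/SHA-1/SHA-256
    if len(key) > block_size:                  # long keys are first hashed down
        key = hash_fn(key).digest()
    key = key.ljust(block_size, b"\x00")       # then zero-padded to a full block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hash_fn(ipad + data).digest()
    return hash_fn(opad + inner).digest()


def reference_hmac(key: bytes, data: bytes) -> bytes:
    """Standard-library HMAC-SHA256, used only to cross-check keyed_hash."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_keyed_hash(key: bytes, data: bytes, tag: bytes) -> bool:
    """Recompute the checksum under the key; compare without timing leaks."""
    return hmac.compare_digest(keyed_hash(key, data), tag)


if __name__ == "__main__":
    key = b"constructed-shared-secret"
    message = b"transfer 100 to account 42"
    tag = keyed_hash(key, message)
    # An active attacker who alters the data cannot recompute the tag
    # without the key, so verification fails on the modified object.
    print(verify_keyed_hash(key, message, tag),
          verify_keyed_hash(key, b"transfer 900 to account 42", tag))
```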
   $ KMID
      See: key material identifier.

   $ known-plaintext attack
      (I) A cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs (although the analyst may also have other clues, such as knowing the cryptographic algorithm).

   $ L2F
      See: Layer 2 Forwarding Protocol.

   $ L2TP
      See: Layer 2 Tunneling Protocol.

   $ label
      See: security label.

   $ Language of Temporal Ordering Specification (LOTOS)
      (N) A language (ISO 8807-1990) for formal specification of computer network protocols; describes the order in which events occur.

   $ lattice model
      (I) A security model for flow control in a system, based on the lattice that is formed by the finite security levels in a system and their partial ordering. [Denn] (See: flow control, security level, security model.)
      (C) The model describes the semantic structure formed by a finite set of security levels, such as those used in military organizations.
      (C) A lattice is a finite set together with a partial ordering on its elements such that for every pair of elements there is a least upper bound and a greatest lower bound. For example, a lattice is formed by a finite set S of security levels -- i.e., a set S of all ordered pairs (x, c), where x is one of a finite set X of hierarchically ordered classification levels (X1, ..., Xm), and c is a (possibly empty) subset of a finite set C of non-hierarchical categories (C1, ..., Cn) -- together with the "dominate" relation. (See: dominate.)

   $ Law Enforcement Access Field (LEAF)
      (N) A data item that is automatically embedded in data encrypted by devices (e.g., see: CLIPPER chip) that implement the Escrowed Encryption Standard.
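   As an added example (not from the glossary or from [Denn]), the lattice of (x, c) pairs described above is built for a small constructed set of classification levels X and categories C, with the "dominate" relation, least upper bound, greatest lower bound, and a flow-control check; is_lattice() verifies by exhaustion that every pair really has a least upper and greatest lower bound. The level and category names are constructed, not drawn from any real policy.

```python
from dataclasses import dataclass
from itertools import chain, combinations

# X1..Xm: hierarchically ordered classification levels (low to high); constructed.
CLASSIFICATIONS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET")
# C1..Cn: non-hierarchical categories (compartments); constructed.
CATEGORIES = ("NUC", "CRYPTO", "ALPHA")


@dataclass(frozen=True)
class SecurityLevel:
    """One element (x, c) of the lattice: a classification and a category set."""
    classification: str
    categories: frozenset = frozenset()

    def __post_init__(self):
        if self.classification not in CLASSIFICATIONS:
            raise ValueError(f"unknown classification {self.classification!r}")
        object.__setattr__(self, "categories", frozenset(self.categories))
        if not self.categories <= set(CATEGORIES):
            raise ValueError(f"unknown categories {self.categories - set(CATEGORIES)}")

    @property
    def rank(self) -> int:
        return CLASSIFICATIONS.index(self.classification)


def dominates(a: SecurityLevel, b: SecurityLevel) -> bool:
    """a dominates b iff a's classification >= b's and a's categories include b's."""
    return a.rank >= b.rank and b.categories <= a.categories


def least_upper_bound(a: SecurityLevel, b: SecurityLevel) -> SecurityLevel:
    """Lowest level that dominates both: higher classification, union of categories."""
    return SecurityLevel(CLASSIFICATIONS[max(a.rank, b.rank)],
                         a.categories | b.categories)


def greatest_lower_bound(a: SecurityLevel, b: SecurityLevel) -> SecurityLevel:
    """Highest level dominated by both: lower classification, intersection."""
    return SecurityLevel(CLASSIFICATIONS[min(a.rank, b.rank)],
                         a.categories & b.categories)


def flow_permitted(source: SecurityLevel, destination: SecurityLevel) -> bool:
    """Information may flow only to a level that dominates its source."""
    return dominates(destination, source)


def all_levels():
    """Enumerate the whole set S of (x, c) pairs for the constructed X and C."""
    subsets = list(chain.from_iterable(
        combinations(CATEGORIES, r) for r in range(len(CATEGORIES) + 1)))
    return [SecurityLevel(x, frozenset(c)) for x in CLASSIFICATIONS for c in subsets]


def is_lattice() -> bool:
    """Check exhaustively that lub/glb are bounds and are the least/greatest ones."""
    levels = all_levels()
    for a in levels:
        for b in levels:
            lub, glb = least_upper_bound(a, b), greatest_lower_bound(a, b)
            if not (dominates(lub, a) and dominates(lub, b)
                    and dominates(a, glb) and dominates(b, glb)):
                return False
            for c in levels:
                if dominates(c, a) and dominates(c, b) and not dominates(c, lub):
                    return False
                if dominates(a, c) and dominates(b, c) and not dominates(glb, c):
                    return False
    return True


if __name__ == "__main__":
    src = SecurityLevel("CONFIDENTIAL", {"NUC"})
    dst = SecurityLevel("SECRET", {"NUC", "CRYPTO"})
    print(flow_permitted(src, dst), flow_permitted(dst, src), is_lattice())
```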
   $ Layer 2 Forwarding Protocol (L2F)
      (N) An Internet protocol (originally developed by Cisco Corporation) that uses tunneling of PPP over IP to create a virtual extension of a dial-up link across a network, initiated by the dial-up server and transparent to the dial-up user. (See: L2TP.)

   $ Layer 2 Tunneling Protocol (L2TP)
      (N) An Internet client-server protocol that combines aspects of PPTP and L2F and supports tunneling of PPP over an IP network or over frame relay or other switched network. (See: virtual private network.)
      (C) PPP can in turn encapsulate any OSI layer 3 protocol. Thus, L2TP does not specify security services; it depends on protocols layered above and below it to provide any needed security.

   $ LDAP
      See: Lightweight Directory Access Protocol.

   $ least privilege
      (I) The principle that a security architecture should be designed so that each system entity is granted the minimum system resources and authorizations that the entity needs to do its work. (See: economy of mechanism.)
      (C) This principle tends to limit damage that can be caused by an accident, error, or unauthorized act.

   $ Lightweight Directory Access Protocol (LDAP)
      (N) A client-server protocol that supports basic use of the X.500 Directory (or other directory servers) without incurring the resource requirements of the full Directory Access Protocol (DAP). [R1777]
      (C) Designed for simple management and browser applications that provide simple read/write interactive directory service. Supports both simple authentication and strong authentication of the client to the directory server.

   $ link
      (I) World Wide Web usage: See: hyperlink.
      (I) Subnetwork usage: A point-to-point communication channel connecting two subnetwork relays (especially one between two packet switches) that is implemented at OSI layer 2. (See: link encryption.)
      (C) The relay computers assume that links are logically passive. If a computer at one end of a link sends a sequence of bits, the sequence simply arrives at the other end after a finite time, although some bits may have been changed either accidentally (errors) or by active wiretapping.

   $ link-by-link encryption
   $ link encryption
      (I) Stepwise protection of data that flows between two points in a network, provided by encrypting data separately on each network link, i.e., by encrypting data when it leaves a host or subnetwork relay and decrypting when it arrives at the next host or relay. Each link may use a different key or even a different algorithm. [R1455] (See: end-to-end encryption.)

   $ logic bomb
      (I) Malicious logic that activates when specified conditions are met. Usually intended to cause denial of service or otherwise damage system resources. (See: Trojan horse, virus, worm.)

   $ login
      (I) The act of a system entity gaining access to a session in which the entity can use system resources; usually accomplished by providing a user name and password to an access control system that authenticates the user.
      (C) Derives from "log file", a security audit trail that records security events, such as the beginning of sessions, and who initiates them.

   $ LOTOS
      See: Language of Temporal Ordering Specification.

   $ MAC
      See: mandatory access control, Message Authentication Code.

   $ malicious logic
      (I) Hardware, software, or firmware that is intentionally included or inserted in a system for a harmful purpose. (See: logic bomb, Trojan horse, virus, worm.)

   $ malware
      (I) A contraction of "malicious software". (See: malicious logic.)
      (D) ISDs SHOULD NOT use this term because it is not listed in most dictionaries and could confuse international readers.
   $ man-in-the-middle
      (I) A form of active wiretapping attack in which the attacker intercepts and selectively modifies communicated data in order to masquerade as one or more of the entities involved in a communication association. (See: hijack attack, piggyback attack.)
      (C) For example, suppose Alice and Bob try to establish a session key by using the Diffie-Hellman algorithm without data origin authentication service. A "man in the middle" could (a) block direct communication between Alice and Bob and then (b) masquerade as Alice sending data to Bob, (c) masquerade as Bob sending data to Alice, (d) establish separate session keys with each of them, and (e) function as a clandestine proxy server between them in order to capture or modify sensitive information that Alice and Bob think they are sending only to each other.

   $ mandatory access control (MAC)
      (I) An access control service that enforces a security policy based on comparing (a) security labels (which indicate how sensitive or critical system resources are) with (b) security clearances (which indicate system entities are eligible to access certain resources). (See: discretionary access control, rule-based security policy.)
      (C) This kind of access control is called "mandatory" because an entity that has clearance to access a resource may not, just by its own volition, enable another entity to access that resource.
      (O) "A means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity." [DOD1]

   $ manipulation detection code
      (D) ISDs SHOULD NOT use this term as a synonym for "checksum" because the word "manipulation" implies protection against active attacks, which an ordinary checksum might not provide. Instead, if such protection is intended, use "protected checksum" or some particular type thereof, depending on which is meant. If such protection is not intended, use "error detection code" or some specific type of checksum that is not protected.

   $ masquerade attack
      (I) A type of attack in which one system entity illegitimately poses as (assumes the identity of) another entity. (See: spoofing attack.)
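   As an added example (not from the glossary), this simulation covers both the Diffie-Hellman key agreement entry and the man-in-the-middle scenario above: without data origin authentication, a third party who substitutes her own public value ends up sharing one session key with Alice and a different one with Bob, whereas when each public value carries a data-origin check the substituted value fails verification and the exchange is abandoned before any key is derived. The group (p = 23, g = 5), the private exponents, and the pre-shared authentication key are constructed toy values; the authentication step uses an HMAC under a pre-shared key as a simplified stand-in for the signature-based authentication the glossary mentions for ISAKMP.

```python
import hashlib
import hmac

# Toy Diffie-Hellman group, constructed for readability; 5 generates Z_23*.
# Real deployments use groups of at least 2048 bits.
P, G = 23, 5


def dh_public(private: int) -> int:
    return pow(G, private, P)


def dh_shared(private: int, peer_public: int) -> int:
    return pow(peer_public, private, P)


def session_key(shared: int) -> bytes:
    """Derive a session key from the shared secret value (key agreement step)."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def unauthenticated_exchange(a_priv: int, b_priv: int, m_priv: int):
    """DH with no data origin authentication, with a third party in the path.

    Returns (alice_key, bob_key, mallory_key_with_alice, mallory_key_with_bob).
    """
    a_pub, b_pub, m_pub = dh_public(a_priv), dh_public(b_priv), dh_public(m_priv)
    # Each side receives m_pub and has no way to tell it is not the peer's value.
    k_alice = session_key(dh_shared(a_priv, m_pub))
    k_bob = session_key(dh_shared(b_priv, m_pub))
    k_m_alice = session_key(dh_shared(m_priv, a_pub))
    k_m_bob = session_key(dh_shared(m_priv, b_pub))
    return k_alice, k_bob, k_m_alice, k_m_bob


def origin_tag(auth_key: bytes, sender: bytes, public_value: int) -> bytes:
    """Data origin authentication of a public value (stand-in for a signature)."""
    return hmac.new(auth_key, sender + public_value.to_bytes(4, "big"),
                    hashlib.sha256).digest()


def authenticated_exchange(a_priv: int, b_priv: int, m_priv: int,
                           auth_key: bytes, intercept: bool):
    """DH where each public value is verified before a key is derived.

    Returns the agreed session key, or None if either side rejects the exchange.
    """
    a_pub, b_pub, m_pub = dh_public(a_priv), dh_public(b_priv), dh_public(m_priv)
    a_tag = origin_tag(auth_key, b"alice", a_pub)
    b_tag = origin_tag(auth_key, b"bob", b_pub)
    if intercept:
        # The substituted value arrives with a tag computed over the original
        # value; without auth_key no valid tag for m_pub can be produced.
        received_by_bob, received_by_alice = (m_pub, a_tag), (m_pub, b_tag)
    else:
        received_by_bob, received_by_alice = (a_pub, a_tag), (b_pub, b_tag)

    pub_for_bob, tag_for_bob = received_by_bob
    if not hmac.compare_digest(tag_for_bob, origin_tag(auth_key, b"alice", pub_for_bob)):
        return None  # Bob aborts: value did not originate from Alice
    pub_for_alice, tag_for_alice = received_by_alice
    if not hmac.compare_digest(tag_for_alice, origin_tag(auth_key, b"bob", pub_for_alice)):
        return None  # Alice aborts: value did not originate from Bob

    k_alice = session_key(dh_shared(a_priv, pub_for_alice))
    k_bob = session_key(dh_shared(b_priv, pub_for_bob))
    return k_alice if k_alice == k_bob else None


if __name__ == "__main__":
    ka, kb, kma, kmb = unauthenticated_exchange(6, 15, 13)
    print("unauthenticated: Alice/Bob agree?", ka == kb,
          "third party shares Alice's key?", ka == kma)
    print("authenticated, interposed value rejected?",
          authenticated_exchange(6, 15, 13, b"preshared-auth-key", True) is None)
```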
   $ MCA
      See: merchant certificate authority.

   $ MD2
      (N) A cryptographic hash [R1319] that produces a 128-bit hash result, was designed by Ron Rivest, and is similar to MD4 and MD5 but slower. (See: message digest.)

   $ MD4
      (N) A cryptographic hash [R1320] that produces a 128-bit hash result and was designed by Ron Rivest. (See: message digest and SHA-1.)

   $ MD5
      (N) A cryptographic hash [R1321] that produces a 128-bit hash result and was designed by Ron Rivest to be an improved version of MD4.

   $ merchant
      (O) SET usage: "A seller of goods, services, and/or other information who accepts payment for these items electronically." [SET2] A merchant may also provide electronic selling services and/or electronic delivery of items for sale. With SET, the merchant can offer its cardholders secure electronic interactions, but a merchant that accepts payment cards is required to have a relationship with an acquirer. [SET1, SET2]

   $ merchant certificate
      (O) SET usage: A public-key certificate issued to a merchant. Sometimes used to refer to a pair of such certificates where one is for digital signature use and the other is for encryption.

   $ merchant certification authority (MCA)
      (O) SET usage: A CA that issues digital certificates to merchants and is operated on behalf of a payment card brand, an acquirer, or another party according to brand rules. Acquirers verify and approve requests for merchant certificates prior to issuance by the MCA. An MCA does not issue a CRL, but does distribute CRLs issued by root CAs, brand CAs, geopolitical CAs, and payment gateway CAs. [SET2]

   $ mesh PKI
      (I) A non-hierarchical PKI architecture in which there are several trusted CAs rather than a single root. Each certificate user bases path validations on the public key of one of the trusted CAs, usually the one that issued that user's own public-key certificate. Rather than having superior-to-subordinate relationships between CAs, the relationships are peer-to-peer, and CAs issue cross-certificates to each other. (See: hierarchical PKI, trust-file PKI.)

   $ message authentication code vs. Message Authentication Code (MAC)
      1. (N) Capitalized: "(The) Message Authentication Code" refers to an ANSI standard for a checksum that is computed with a keyed hash that is based on DES. [A9009] (Also known as the U.S. Government standard Data Authentication Code. [FP113])
      (C) The ANSI standard MAC algorithm is equivalent to cipher block chaining with IV = 0.
      2. (D) Not capitalized: ISDs SHOULD NOT use the uncapitalized form "message authentication code", because this term mixes concepts in a potentially misleading way. Instead, use "checksum", "error detection code", "hash", "keyed hash", "Message Authentication Code", or "protected checksum", depending on what is meant. (See: authentication code.)
      (C) In the uncapitalized form, the word "message" is misleading because it implies that the mechanism is particularly suitable for or limited to electronic mail (see: Message Handling Systems), the word "authentication" is misleading because the mechanism primarily serves a data integrity function rather than an authentication function, and the word "code" is misleading because it implies that either encoding or encryption is involved or that the term refers to computer software.

   $ message digest
      (D) ISDs SHOULD NOT use this term as a synonym for "hash result" because it unnecessarily duplicates the meaning of the other, more general term and mixes concepts in a potentially misleading way. (See: cryptographic hash, Message Handling System.)

   $ Message Handling Systems
      (I) An ITU-T/ISO system concept, which encompasses the notion of electronic mail but defines more comprehensive OSI systems and services that enable users to exchange messages on a store-and-forward basis. (The ISO equivalent is "Message Oriented Text Interchange System".) (See: X.400.)
$ message indicator (D) ISDs SHOULD NOT use this term as a synonym for "initialization value" because it mixes concepts in a potentially misleading way.
$ message integrity check
$ message integrity code
(D) ISDs SHOULD NOT use these terms because they mix concepts in a potentially misleading way. (The word "message" is misleading because it suggests that the mechanism is particularly suitable for or limited to electronic mail. The word "code" is misleading because it suggests that either encoding or encryption is involved, or that the term refers to computer software.) Instead, use "checksum", "error detection code", "hash", "keyed hash", "Message Authentication Code", or "protected checksum", depending on what is meant.

$ Message Security Protocol (MSP)
(N) A secure message handling protocol [SDNS7] for use with X.400 and Internet mail protocols. Developed by NSA's SDNS program and used in the U.S. Defense Message System.

$ MHS
See: message handling system.

$ MIME
See: Multipurpose Internet Mail Extensions.

$ MIME Object Security Services (MOSS)
(I) An Internet protocol [R1848] that applies end-to-end encryption and digital signature to MIME message content, using symmetric cryptography for encryption and asymmetric cryptography for key distribution and signature. MOSS is based on features and specifications of PEM. (See: S/MIME.)

$ Minimum Interoperability Specification for PKI Components (MISPC)
(N) A technical description to provide a basis for interoperation between PKI components from different vendors; consists primarily of a profile of certificate and CRL extensions and a set of transactions for PKI operation. [MISPC]

$ MISPC
See: Minimum Interoperability Specification for PKI Components.

$ MISSI
(N) Multilevel Information System Security Initiative, an NSA program to encourage development of interoperable, modular products for constructing secure network information systems in support of a wide variety of Government missions. (See: MSP.)
$ MISSI user
(O) MISSI usage: A system entity that is the subject of one or more MISSI X.509 public-key certificates issued under a MISSI certification hierarchy. (See: personality.)
(C) MISSI users include both end users and the authorities that issue certificates. A MISSI user is usually a person but may be a machine or other automated process. Some machines are required to operate non-stop. To avoid downtime needed to exchange the FORTEZZA cards of machine operators at shift changes, the machines may be issued their own cards, as if they were persons.

$ mode
$ mode of operation
(I) Encryption usage: A technique for enhancing the effect of a cryptographic algorithm or adapting the algorithm for an application, such as applying a block cipher to a sequence of data blocks or a data stream. (See: electronic codebook, cipher block chaining, cipher feedback, output feedback.)
(I) System operation usage: A type of security policy that states the range of classification levels of information that a system is permitted to handle and the range of clearances and authorizations of users who are permitted to access the system. (See: dedicated security mode, multilevel security mode, partitioned security mode, system high security mode.)

$ modulus
(I) The defining constant in modular arithmetic, and usually a part of the public key in asymmetric cryptography that is based on modular arithmetic. (See: Diffie-Hellman, Rivest-Shamir-Adleman.)

$ Morris Worm
(I) A worm program written by Robert T. Morris, Jr. that flooded the ARPANET in November, 1988, causing problems for thousands of hosts. (See: worm.)

$ MOSS
See: MIME Object Security Services.

$ MSP
See: Message Security Protocol.

$ multilevel secure (MLS)
(I) A class of system that has system resources (particularly stored information) at more than one security level (i.e., has different types of sensitive resources) and that permits concurrent access by users who differ in security clearance and need-to-know, but is able to prevent each user from accessing resources for which the user lacks authorization.

$ multilevel security mode
(I) A mode of operation of an information system that allows two or more classification levels of information to be processed concurrently within the same system when not all users have a clearance or formal access authorization for all data handled by the system.
(C) This mode is defined formally in U.S. Department of Defense policy regarding system accreditation [DOD2], but the term is also used outside the Defense Department and outside the Government.

$ Multipurpose Internet Mail Extensions (MIME)
(I) An Internet protocol [R2045] that enhances the basic format of Internet electronic mail messages [R0822] to be able to use character sets other than US-ASCII for textual headers and text content, and to carry non-textual and multi-part content. (See: S/MIME.)

$ mutual suspicion
(I) The state that exists between two interacting system entities in which neither entity can trust the other to function correctly with regard to some security requirement.

$ National Computer Security Center (NCSC)
(N) A U.S. Department of Defense organization, housed in NSA, that has responsibility for encouraging widespread availability of trusted computer systems throughout the Federal Government. It has established criteria for, and performs evaluations of, computer and network systems that have a trusted computing base. (See: Evaluated Products List, Rainbow Series, TCSEC.)

$ National Information Assurance Partnership (NIAP)
(N) An organization created by NIST and NSA to enhance the quality of commercial products for information security and increase consumer confidence in those products through objective evaluation and testing methods.
(C) NIAP is registered, through the U.S. Department of Defense, as a National Performance Review Reinvention Laboratory.
NIAP functions include the following:
- Developing tests, test methods, and other tools that developers and testing laboratories may use to improve and evaluate security products.
- Collaborating with industry and others on research and testing programs.
- Using the Common Criteria to develop protection profiles and associated test sets for security products and systems.
- Cooperating with the NIST National Voluntary Laboratory Accreditation Program to develop a program to accredit private-sector laboratories for the testing of information security products using the Common Criteria.
- Working to establish a formal, international mutual recognition scheme for a Common Criteria-based evaluation.

$ National Institute of Standards and Technology (NIST)
(N) A U.S. Department of Commerce agency that promotes U.S. economic growth by working with industry to develop and apply technology, measurements, and standards. Has primary Government responsibility for INFOSEC standards for unclassified but sensitive information. (See: ANSI, DES, DSA, DSS, FIPS, NIAP, NSA.)

$ National Security Agency (NSA)
(N) A U.S. Department of Defense intelligence agency that has primary Government responsibility for INFOSEC for classified information and for unclassified but sensitive information handled by national security systems. (See: FORTEZZA, KEA, MISSI, NIAP, NIST, SKIPJACK.)

$ need-to-know
(I) The necessity for access to, knowledge of, or possession of specific information required to carry out official duties.
(C) This criterion is used in security procedures that require a custodian of sensitive information, prior to disclosing the information to someone else, to establish that the intended recipient has proper authorization to access the information.

$ network
See: computer network.

$ NIAP
See: National Information Assurance Partnership.

$ NIST
See: National Institute of Standards and Technology.

$ NLSP
Network Layer Security Protocol. An OSI protocol (ISO 11577) for end-to-end encryption services at the top of OSI layer 3. NLSP is derived from an SDNS protocol, SP3, but is much more complex.
$ no-lone zone
(I) A room or other space to which no person may have unaccompanied access and that, when occupied, is required to be occupied by two or more appropriately authorized persons. (See: dual control.)

$ nonce
(I) A random or non-repeating value that is included in data exchanged by a protocol, usually for the purpose of guaranteeing liveness and thus detecting and protecting against replay attacks.

$ non-critical
See: critical (extension of certificate).

$ non-repudiation service
(I) A security service that provides protection against false denial of involvement in a communication. (See: repudiation.)
(C) Non-repudiation service does not and cannot prevent an entity from repudiating a communication. Instead, the service provides evidence that can be stored and later presented to a third party to resolve disputes that arise if and when a communication is repudiated by one of the entities involved. There are two basic kinds of non-repudiation service:
- "Non-repudiation with proof of origin" provides the recipient of data with evidence that proves the origin of the data, and thus protects the recipient against an attempt by the originator to falsely deny sending the data. This service can be viewed as a stronger version of a data origin authentication service, in that it proves authenticity to a third party.
- "Non-repudiation with proof of receipt" provides the originator of data with evidence that proves the data was received as addressed, and thus protects the originator against an attempt by the recipient to falsely deny receiving the data.
(C) Phases of a Non-Repudiation Service: Ford [For94, For97] uses the term "critical action" to refer to the act of communication that is the subject of the service:
   Phase 1: Request Service    Service request is made.
   Phase 2: Generate Evidence  Critical action occurs and verifiable evidence is generated.
   Phase 3: Transfer Evidence  Evidence is stored for later use.
   Phase 4: Verify Evidence    Evidence is tested.
   Phase 5: Retain Evidence    Evidence is archived, in case the critical action is repudiated.
   Phase 6: Resolve Dispute    Archived evidence is verified.

Phase / Explanation
1. Before the critical action, the service requester asks, either implicitly or explicitly, to have evidence of the action be generated.
2. When the critical action occurs, evidence is generated by a process involving the potential repudiator and possibly also a trusted third party.
3. The evidence is transferred to the requester, or stored by a third party, for later use if needed.
4. The entity that holds the evidence tests to be sure that it will suffice if a dispute arises.
5. The evidence is retained for possible future retrieval and use.
6. In this phase, which occurs only if the critical action is repudiated, the evidence is retrieved from storage, presented, and verified to resolve the dispute.

$ no-PIN ORA (NORA)
(O) MISSI usage: An organizational RA that operates in a mode in which the ORA performs no card management functions and, therefore, does not require knowledge of either the SSO PIN or user PIN for an end user's FORTEZZA PC card.

$ NORA
See: no-PIN ORA.

$ notarization
(I) Registration of data under the authority or in the care of a trusted third party, thus making it possible to provide subsequent assurance of the accuracy of characteristics claimed for the data, such as content, origin, time, and delivery. [I7498 Part 2] (See: digital notary.)
$ NULL encryption algorithm
(I) An algorithm [R2410] that does nothing to transform plaintext data; i.e., a no-op. It originated because of IPsec ESP, which always specifies the use of an encryption algorithm to provide confidentiality. The NULL encryption algorithm is a convenient way to represent the option of not applying encryption in ESP (or in any other context where this is needed).

$ OAKLEY
(I) A key establishment protocol (proposed for IPsec but superseded by IKE) based on the Diffie-Hellman algorithm and designed to be a compatible component of ISAKMP. [R2412]
(C) OAKLEY establishes a shared key with an assigned identifier and associated authenticated identities for parties. I.e., OAKLEY provides authentication service to assure the entities of each other's identity, even if the Diffie-Hellman exchange is threatened by active wiretapping. It also provides public-key forward secrecy for the shared key and supports key updates, incorporation of keys distributed by out-of-band mechanisms, and user-defined abstract group structures for use with Diffie-Hellman.

$ object
(I) Trusted computer system modeling usage: A system element that contains or receives information. (See: Bell-LaPadula Model, trusted computer system.)

$ object identifier (OID)
(I) An official, globally unique name for a thing, written as a sequence of integers (which are formed and assigned as defined in the ASN.1 standard) and used to reference the thing in abstract specifications and during negotiation of security services in a protocol.
(O) "A value (distinguishable from all other such values) which is associated with an object." [X680]
(C) Objects named by OIDs are leaves of the object identifier tree (which is similar to but different from the X.500 Directory Information Tree). Each arc (i.e., each branch of the tree) is labeled with a non-negative integer. An OID is the sequence of integers on the path leading from the root of the tree to a named object.
(C) The OID tree has three arcs immediately below the root: {0} for use by ITU-T, {1} for use by ISO, and {2} for use by both jointly. Below ITU-T are four arcs, where {0 0} is for ITU-T recommendations. Below {0 0} are 26 arcs, one for each series of recommendations starting with the letters A to Z, and below these are arcs for each recommendation. Thus, the OID for ITU-T Recommendation X.509 is {0 0 24 509}. Below ISO are four arcs, where {1 0} is for ISO standards, and below these are arcs for each ISO standard. Thus, the OID for ISO/IEC 9594-8 (the ISO number for X.509) is {1 0 9594 8}.
(C) The following are additional examples: ANSI registers organization names below the branch {joint-iso-ccitt(2) country(16) US(840) organization(1)}. The NIST CSOR records PKI objects below the branch {joint-iso-ccitt(2) country(16) us(840) gov(101) csor(3) pki(4)}. The U.S. Department of Defense registers INFOSEC objects below the branch {joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) dod(2) infosec(1)}. The OID for the PKIX private extension is defined in an arc below the arc for the PKIX name space, as {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) 1 1}.

$ object reuse
(N) "The reassignment and reuse of a storage medium (e.g., page frame, disk sector, magnetic tape) that once contained one or more [information] objects. To be securely reused and assigned to a new subject, storage media must contain no residual data (magnetic remanence) from the object(s) previously contained in the media." [NCS04]

$ OCSP
See: On-line Certificate Status Protocol.

$ octet
(I) A data unit of eight bits. (See: byte.)
(C) This term is used in networking (especially in OSI standards) in preference to "byte", because some systems use "byte" for data storage units of a size other than eight.

$ OFB
See: output feedback.

$ ohnosecond
(C) That minuscule fraction of time in which you realize that your private key has been compromised.

$ OID
See: object identifier.
$ On-line Certificate Status Protocol (OCSP)
(I) An Internet protocol used by a client to obtain from a server the validity status and other information concerning a digital certificate.
(C) In some applications, such as those involving high-value commercial transactions, it may be necessary to obtain certificate revocation status that is more timely than is possible with CRLs or to obtain other kinds of status information. OCSP may be used to determine the current revocation status of a digital certificate, in lieu of or as a supplement to checking against a periodic CRL. An OCSP client issues a status request to an OCSP server and suspends acceptance of the certificate in question until the server provides a response.

$ one-time pad
(I) An encryption algorithm in which the key is a random sequence of symbols and each symbol is used for encryption only one time--to encrypt only one plaintext symbol to produce only one ciphertext symbol--and a copy of the key is used similarly for decryption.
(C) To ensure one-time use, the copy of the key used for encryption is destroyed after use, as is the copy used for decryption. This is the only encryption algorithm that is truly unbreakable, even given unlimited resources for cryptanalysis [Schn], but key management costs and synchronization problems make it impractical except in special situations.

$ one-time password
$ One-Time Password (OTP)
1. Not capitalized: A "one-time password" is a simple authentication technique in which each password is used only once as authentication information that verifies an identity. This technique counters the threat of a replay attack that uses passwords captured by wiretapping.
2. Capitalized: "One-Time Password" is an Internet protocol [R1938] that is based on S/KEY and uses a cryptographic hash function to generate one-time passwords for use as authentication information in system login and in other processes that need protection against replay attacks.
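The One-Time Password entry says the protocol uses a cryptographic hash to generate passwords that resist replay, without showing how. The following Python is an added example, not the glossary's or RFC 1938's code: it models the S/KEY-style hash chain that OTP is built on. The client hashes seed||secret N times and hands only the N-th hash to the server at enrollment; each login presents the previous element of the chain, which the server checks by hashing it once and comparing with the stored head, then stores it as the new head. A captured password is therefore useless a second time, and the server never holds the secret. SHA-256, the class and function names, and the sample secret, seed and chain length are all assumptions of this example (RFC 1938 specifies MD4, MD5 or SHA-1 folded to 64 bits).

```python
import hashlib
import secrets


def hash_once(data: bytes) -> bytes:
    # One step of the chain. SHA-256 is this example's choice; the RFC 1938
    # scheme uses MD4, MD5 or SHA-1 with the result folded down to 64 bits.
    return hashlib.sha256(data).digest()


class OTPClient:
    """Holds the secret pass-phrase; computes chain element k on demand."""

    def __init__(self, secret: str, seed: str):
        self._start = (seed + secret).encode()

    def password(self, seq: int) -> bytes:
        # H^seq(seed || secret): the secret hashed seq times.
        x = self._start
        for _ in range(seq):
            x = hash_once(x)
        return x


class OTPServer:
    """Stores only the current head of the chain, never the secret."""

    def __init__(self, head: bytes, count: int):
        self.head = head    # H^count(seed || secret), supplied at enrollment
        self.count = count  # sequence number of the stored head

    def challenge(self) -> int:
        # Tells the client which chain element to present next.
        return self.count - 1

    def verify(self, candidate: bytes) -> bool:
        if self.count <= 0:
            return False  # chain exhausted: re-enroll with a fresh seed, out of band
        # A valid one-time password is the pre-image of the stored head.
        # A replayed password hashes to the *previous* head, so it fails.
        if secrets.compare_digest(hash_once(candidate), self.head):
            self.head = candidate
            self.count -= 1
            return True
        return False


def demo() -> list:
    """Enrollment plus four login attempts; returns the server's verdicts."""
    secret = "correct horse battery staple"  # constructed; never leaves the client
    seed, n = "ab12345", 5                    # constructed seed and chain length
    client = OTPClient(secret, seed)
    server = OTPServer(head=client.password(n), count=n)  # enrollment sends only H^n
    verdicts = []
    p = client.password(server.challenge())               # seq 4, the expected element
    verdicts.append(server.verify(p))                     # accepted
    verdicts.append(server.verify(p))                     # replay of p: rejected
    verdicts.append(server.verify(client.password(1)))    # wrong sequence number: rejected
    verdicts.append(server.verify(client.password(server.challenge())))  # seq 3: accepted
    return verdicts


if __name__ == "__main__":
    print(demo())
```

Two properties worth noticing when reading the output: a rejected attempt leaves the stored head unchanged, so a wiretapped password cannot move the chain forward, and once the count reaches zero every attempt fails until the user re-enrolls with a fresh seed, which is the point at which an operator has to intervene.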
$ one-way encryption (I) Irreversible transformation of plaintext to ciphertext, such that the plaintext cannot be recovered from the ciphertext by other than exhaustive procedures even if the cryptographic key is known. (See: encryption.)
$ one-way function
(I) "A (mathematical) function, f, which is easy to compute, but which for a general value y in the range, it is computationally difficult to find a value x in the domain such that f(x) = y. There may be a few values of y for which finding x is not computationally difficult." [X509]
(D) ISDs SHOULD NOT use this term as a synonym for "cryptographic hash".

$ open security environment
(O) U.S. Department of Defense usage: A system environment that meets at least one of the following conditions: (a) Application developers (including maintainers) do not have sufficient clearance or authorization to provide an acceptable presumption that they have not introduced malicious logic. (b) Configuration control does not provide sufficient assurance that applications and the equipment are protected against the introduction of malicious logic prior to and during the operation of system applications. [NCS04] (See: closed security environment.)

$ Open Systems Interconnection (OSI) Reference Model (OSIRM)
(N) A joint ISO/ITU-T standard [I7498 Part 1] for a seven-layer, architectural communication framework for interconnection of computers in networks.
(C) OSI-based standards include communication protocols that are mostly incompatible with the Internet Protocol Suite, but also include security models, such as X.509, that are used in the Internet.
(C) The OSIRM layers, from highest to lowest, are (7) Application, (6) Presentation, (5) Session, (4) Transport, (3) Network, (2) Data Link, and (1) Physical. In this Glossary, these layers are referred to by number to avoid confusing them with Internet Protocol Suite layers, which are referred to by name.
(C) Some unknown person described how the OSI layers correspond to the seven deadly sins:
7. Wrath: Application is always angry at the mess it sees below itself. (Hey! Who is it to be pointing fingers?)
6. Sloth: Presentation is too lazy to do anything productive by itself.
5. Lust: Session is always craving and demanding what truly belongs to Application's functionality.
4. Avarice: Transport wants all of the end-to-end functionality. (Of course, it deserves it, but life isn't fair.)
3. Gluttony: (Connection-Oriented) Network is overweight and overbearing after trying too often to eat Transport's lunch.
2. Envy: Poor Data Link is always starved for attention. (With Asynchronous Transfer Mode, maybe now it is feeling less neglected.)
1. Pride: Physical has managed to avoid much of the controversy, and nearly all of the embarrassment, suffered by the others.
(C) John G. Fletcher described how the OSI layers also correspond to Snow White's dwarf friends:
7. Doc: Application acts as if it is in charge, but sometimes muddles its syntax.
6. Sleepy: Presentation is indolent, being guilty of the sin of Sloth.
5. Dopey: Session is confused because its charter is not very clear.
4. Grumpy: Transport is irritated because Network has encroached on Transport's turf.
3. Happy: Network smiles for the same reason that Transport is irritated.
2. Sneezy: Data Link makes loud noises in the hope of attracting attention.
1. Bashful: Physical quietly does its work, unnoticed by the others.

$ operational integrity
(I) A synonym for "system integrity"; emphasizes the actual performance of system functions rather than just the ability to perform them.

$ operations security (OPSEC)
(I) A process to identify, control, and protect evidence of the planning and execution of sensitive activities and operations, and thereby prevent potential adversaries from gaining knowledge of capabilities and intentions.

$ OPSEC
See: operations security.

$ ORA
See: organizational registration authority.

$ Orange Book
(D) ISDs SHOULD NOT use this term as a synonym for "Trusted Computer System Evaluation Criteria" [CSC001, DOD1]. Instead, use
the full, proper name of the document or, in subsequent references, the abbreviation "TCSEC". (See: (usage note under) Green Book.)

$ organizational certificate
(O) MISSI usage: A type of MISSI X.509 public-key certificate that is issued to support organizational message handling for the U.S. Government's Defense Message System.

$ organizational registration authority (ORA)
(I) General usage: An RA for an organization.
(O) MISSI usage: The MISSI implementation of RA. A MISSI end entity that (a) assists a PCA, CA, or SCA to register other end entities, by gathering, verifying, and entering data and forwarding it to the signing authority and (b) may also assist with card management functions. An ORA is a local administrative authority, and the term refers both to the office or role, and to the person who fills that office. An ORA does not sign certificates, CRLs, or CKLs. (See: no-PIN ORA, SSO-PIN ORA, user-PIN ORA.)

$ origin authentication
$ origin authenticity
(D) ISDs SHOULD NOT use these terms because they look like careless use of an internationally standardized term. Instead, use "data origin authentication" or "peer entity authentication", depending on which is meant.

$ OSI
$ OSIRM
See: Open Systems Interconnection Reference Model.

$ OTP
See: One-Time Password.

$ out of band
(I) Transfer of information using a channel that is outside (i.e., separate from) the channel that is normally used. (See: covert channel.)
(C) Out-of-band mechanisms are often used to distribute shared secrets (e.g., a symmetric key) or other sensitive information items (e.g., a root key) that are needed to initialize or otherwise enable the operation of cryptography or other security mechanisms. (See: key distribution.)